Description
When processing certain files, PHP EXIF extension in versions 7.1.x below 7.1.28, 7.2.x below 7.2.17 and 7.3.x below 7.3.4 can be caused to read past allocated buffer in exif_iif_add_value function. This may lead to information disclosure or crash.
Remediation
References
Related Vulnerabilities
Undertow Improper Input Validation Vulnerability (CVE-2020-1757)
Apache HTTP Server CVE-2013-5704 Vulnerability (CVE-2013-5704)
MongoDb Loop with Unreachable Exit Condition ('Infinite Loop') Vulnerability (CVE-2018-20803)
WordPress Plugin Simple Membership Security Bypass (3.8.5)
WordPress Plugin AB Press Optimizer Multiple Cross-Site Scripting Vulnerabilities (1.1.1)